- Newest
- Most votes
- Most comments
Correct. And you’ll need a route from private subents to the NAT gateway. A useful link https://docs.aws.amazon.com/AmazonECS/latest/bestpracticesguide/networking-outbound.html
To allow EC2 instances in a private subnet to access the internet, the common approach is to route their traffic through a NAT Gateway. Here's how it typically works: NAT Gateway in Public Subnet: You deploy a NAT Gateway in a public subnet, which has a route to the internet through an Internet Gateway (IGW).
Elastic IP (EIP): The NAT Gateway requires an Elastic IP (EIP) to provide a static public IP address for outbound internet traffic. The EIP is automatically assigned to the NAT Gateway during creation.
You can refer to this AWS documentation :- https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html
Hope it clarifies and if does I would appreciate answer to be accepted so that community can benefit for clarity, thanks ;)
You should have both.
The route table of the private subnet where the EC2 instances are located should have the NAT gateway in the public subnet as the next hop.
The route table of the public subnet where the NAT gateway is located should have the internet gateway as the next hop.
The NAT gateway should also have an elastic IP attached to it which is the IP that will be seen by the internet (the internet gateway by itself doesn't hold a public IP).
Relevant content
- Accepted Answerasked a year ago
- Accepted Answerasked 2 years ago
- asked 5 years ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated a month ago
- AWS OFFICIALUpdated a month ago
- AWS OFFICIALUpdated 2 years ago